The idea of an embedded Flash - XML script, so the flash SWF will check a code in the XML file is a good one, but being totally honest is totally unrealistic.
There are a million and one Flash Decompilers available on the internet, some free, but the better ones are a small price.
http://www.google.co.uk/search?q=flash+decompiler
A few months back one of my hard drives corrupted with some old backed up files, i didn't realise at the time one of my clients logos in FLA was on that HDD. So instead of rebuilding the whole logo in flash (as the site was having a full rebuild), i bought one of those decompilers for a few dollars and had it converted to FLA in mins using the old swf file on the old website.
The decompiler is also excellent to pull apart other peoples work, to find out how they have achieved a certain effect, which isn't theft, its just being resourceful
After all we have all checked JavaScript, HTML and CSS code in the same way to learn from other people work
This decompiled would definitely show the link to the XML file, which could simply be downloaded and stolen with the SWF file.
Also unless you could change the name of the path to the XML doc or the name of the XML doc itself (or both of course), it would be easily found by anybody who has ever used this software before, as they would know for example it was called pano2vr.xml in the same directory as the SWF file.
The only way you could really do something like this is to have some form of executable file such as an php or asp file, which could only be executed locally on the server but not remotely accessed. So even if the direct link was found, you couldn't view it. This would then return a code to the SWF file which will show as correct or not hosting.
But of course the same decompiler above, could be used to strip that element from the swf movie completely, so it wouldn't ever check for the php file in the first place. So this huge undertaking by gnome software will become a whole waste of time. If somebody is going to take your work, they will find a way around it.
The best way i think is a light water mark right across a difficult part to clone out in photoshop on the image directly, before it is wrapped into a movie of which ever form you want. At least this way if somebody does take it, you get some free advertising.
Another way (and I have used this before a few times) is to make a framed flash movie. So you have one flash file (which acts as a player only), which finds another flash file from another directory in your site (the content movie) and shows it through the first one (the player). So if you save the flash SWF embedded in your web page which you see in your browser (the player), you just get a blank flash movie, as the link between the flash movies is broken as you never downloaded the second movie (the content).
This can of course be broken with a decompiler by finding the link its goes to (the content), but its easy and free to do and equally as effective as the code idea, for if they are going to break your SWF to steal it, they will most def remove any security code elements you add.
Can i ask what expected release dates have you got for the next stages of pano2VR, as im planning on buying your software, but it depends on if and when you will be releasing the next stages. I really need Cylinders and Object VR.
Kindest regards
Ian